ros2.9.27 防火墙，限速脚本，攺进ROS小包（网络游戏数据包）

zhoufenglong88

大家帮我看一下，那个规则是不可以上网地址的只可以玩游戏的规则。谢谢~
/ ip firewall filter
add chain=input connection-state=invalid action=drop comment="" disabled=no
add chain=input protocol=tcp dst-port=80 connection-limit=100,0 action=accept \
comment="" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="" disabled=no
add chain=input protocol=tcp connection-limit=3,32 action=accept comment="" \
disabled=no
add chain=input protocol=tcp connection-limit=10,32 \
action=add-src-to-address-list address-list=black_list \
address-list-timeout=1d comment="" disabled=no
add chain=input dst-address-type=!local action=drop comment="" disabled=no
add chain=input src-address-type=!unicast action=drop comment="" disabled=no
add chain=input protocol=icmp action=jump jump-target=ICMP comment="" \
disabled=no
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept \
comment="" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept \
comment="" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept \
comment="" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept \
comment="" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept \
comment="" disabled=no
add chain=ICMP protocol=icmp action=drop comment="" disabled=no
add chain=forward connection-state=established action=accept comment="" \
disabled=no
add chain=forward connection-state=related action=accept comment="" \
disabled=no
add chain=forward connection-state=invalid action=drop comment="" disabled=no
add chain=forward src-address-type=!unicast action=drop comment="" disabled=no
add chain=forward protocol=icmp action=jump jump-target=ICMP comment="" \
disabled=no
add chain=forward action=jump jump-target=virus comment="" disabled=no
add chain=forward action=accept comment="" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="" \
disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="" \
disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="" \
disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="" \
disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="" \
disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=10080 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="" disabled=no
add chain=virus protocol=tcp dst-port=3389 action=drop comment="" disabled=yes
add chain=virus protocol=tcp dst-port=4899 action=drop comment="" disabled=no
add chain=output protocol=icmp action=drop comment="" disabled=no

/ system script
add name="0_50xian" source=":for aaa from 5 to 254 do={/ip firewall filter add \
chain=forward src-address=\(192.168.0. . \$aaa\) protocol=tcp \
connection-limit=50,32 action=drop}" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="0_256K" source=":for aaa from 5 to 254 do={/queue simple add \
name=\(0_ . \$aaa\) dst-address=\(192.168.0. . \$aaa\) interface=ether1 \
limit-at=256000/64000 max-limit=512000/128000 burst-limit=1024000/256000 \
burst-threshold=512000/128000 burst-time=50s/50s }" \
policy=ftp,reboot,read,write,policy,test,winbox,password
add name="IP" source=":foreach i in=\[/ip arp find dynamic=yes \] do={/ip arp \
add copy-from=\$i}\n\n" \
policy=ftp,reboot,read,write,policy,test,winbox,password

/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1440 \
comment="" disabled=no
add chain=forward p2p=all-p2p action=mark-connection \
new-connection-mark=p2p_conn passthrough=yes comment="" disabled=no
add chain=forward connection-mark=p2p_conn action=mark-packet \
new-packet-mark=p2p passthrough=yes comment="" disabled=no
add chain=forward connection-mark=!p2p_conn action=mark-packet \
new-packet-mark=general passthrough=yes comment="" disabled=no
add chain=forward packet-size=32-512 action=mark-packet new-packet-mark=small \
passthrough=yes comment="" disabled=no
add chain=forward packet-size=512-1200 action=mark-packet new-packet-mark=big \
passthrough=yes comment="" disabled=no
/ queue tree
add name="p2p1" parent=ether1 packet-mark=p2p limit-at=2000000 queue=default \
priority=8 max-limit=6000000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="p2p2" parent=ether2 packet-mark=p2p limit-at=2000000 queue=default \
priority=8 max-limit=6000000 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="ClassA" parent=ether2 packet-mark="" limit-at=0 queue=default \
priority=8 max-limit=100000000 burst-limit=0 burst-threshold=0 \
burst-time=0s disabled=no
add name="ClassB" parent=ClassA packet-mark="" limit-at=0 queue=default \
priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="Leaf1" parent=ClassA packet-mark=general limit-at=0 queue=default \
priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="Leaf2" parent=ClassB packet-mark=small limit-at=0 queue=default \
priority=5 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no
add name="Leaf3" parent=ClassB packet-mark=big limit-at=0 queue=default \
priority=6 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
disabled=no 感激不尽~~高手们帮小弟解决下我快哭了~~~~~~~

                               
登录/注册后可看大图

                               
登录/注册后可看大图

                               
登录/注册后可看大图